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Dear Sir or Madam: 

Pursuant to 37 C.F.R. § 41.41, Appellant submits this Reply Brief in response to the Examiner's 
Answer mailed on August 1, 2007. 

I. REAL PARTY IN INTEREST 

A statement identifying the real party in interest is contained in the Appeal Brief. 

II. RELATED APPEALS AND INTERFERENCES 

A statement identifying the related appeals and interferences is contained in the Appeal Brief. 

III. STATUS OF CLAIMS 

A statement identifying the status of the claims is contained in the Appeal Brief. 

IV. STATUS OF AMENDMENTS 

A statement identifying the status of amendments is contained in the Appeal Brief. 
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V. SUMMARY OF CLAIMED SUBJECT MATTER 

A summary of the claimed subject matter is contained in the Appeal Brief. 

VI. GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

A statement identifying the grounds of rejection to be reviewed on appeal is contained in the 
Appeal Brief. 

VII. RESPONSE TO EXAMINER'S ANSWER 

Claim 1 recites: 

1. A method for performing path-level access control evaluation for a structured 
document, wherein the structured document comprises a plurality of nodes and each of the 
plurality of nodes is described by a path, the method comprising the steps of: 

(a) storing an access control statement in a cache entry for a path associated with a 
node of the plurality of nodes; 

(b) receiving a query, wherein the query comprises a request to access the node; 

(c) checking the cache entry for the path associated with the node; and 

(d) granting or denying access to the node based on the access control statement in 
the cache entry for the path associated with the node. 

A. Examiner's First Response 

In response to Appellant's argument that Damiani ("Design and implementation of an access 

control processor for XML documents") does not disclose, teach, or suggest "storing an access control 

statement in a cache entry for a path associated with a node of the plurality of nodes", as recited in 

claim 1, the Examiner states: 

As indicated in the previous Office Actions, section 3.1 of Damiani is entitled 
"Identifying authorization objects via path expressions". The section describes the 
application of access control statements to paths associated with nodes. "Given a path 
expression 11/12/.. ./In, a condition on label li restricts the application of the path 
expressions only to those node(s) li for which the condition evaluates to be true." (See 
page 65, left column, bottom of page) Furthermore, the last few lines of the right 
column of page 61 describe "authorizations that apply to all documents matching a 
given path expression". Finally, section 5.3 describes caching transformed documents 
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containing access control information. Damiani thus anticipates a cache containing 
access control information related to a path. 

(August 1, 2007 Examiner's Answer, pg. 12). 

Appellant respectfully submits that it is irrelevant what Damiani is entitled. The issue is whether 
Damiani discloses, teaches, or suggests "storing an access control statement in a cache entry for a path 
associated with a node of the plurality of nodes", as recited in claim 1. 

As pointed out by the Examiner, Damiani discusses specifying authorizations for XML documents 
and elements within XML documents. The Examiner, however, failed to point out that Damiani explicitly 
teaches that "[authorizations specified for each XML document/DTD (elements within) are stored in an 
XAS (XML Access Sheet) associated with the document/DTD" (pg. 63, section 3 of Damiani). This is also 
clearly illustrated in FIG. 2 of Damiani. 

The fact that Damiani describes caching transformed XML documents is further proof that 
Damiani was well aware of the caching option, but specifically chose to store the authorizations in an 
XML Access sheet, rather than in a cache. Hence, contrary to the Examiner's assertions, Damiani 
does NOT disclose, teach, or suggest "storing an access control statement in a cache entry for a path 
associated with a node of the plurality of nodes", as recited in claim 1 (emphasis added). 

Accordingly, claim 1, and the claims that depend therefrom, are not anticipated by Damiani. 
Given that claims 11, 21, 24, and 27 each recite elements similar to those of claim 1, those claims, and 
the claims that depend therefrom, are not anticipated by Damiani for at least the same reasons. 
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B. Examiner's Second Response 

In response to Appellant's argument that Damiani does not disclose, teach, or suggest "checking 

the cache entry for the path associated with the node", as recited in claim 1, the Examiner states: 

Appellant argues that Damiani does not teach paths, therefore the reference 
cannot anticipate this limitation either. This argument has already been addressed. 
Appellant also argues that the second cited passage of Damiani ("Performance and 
caching", lines 11-17) does not teach "checking the cache". The Examiner asserts that 
"checking the cache" is equivalent to the searching described in the cited passage. 
Caching is a very well-known technique at all levels of computing and the step of 
"checking the cache" is a necessary step in using a cache. 

(August 1, 2007 Examiner's Answer, pg. 13). 

Regardless of whether caching is a well-known technique, the issue is still whether Damiani 
discloses, teaches, or suggests "checking the cache entry for the path associated with the node", as 
recited in claim 1. 

As discussed above, Damiani teaches storing authorizations, which the Examiner is construing as 
disclosing the "access control statement" recited in claim 1, in an XML Access Sheet (XAS), not a cache. 
In addition, the section in Damiani cited by the Examiner concerning path expressions only relates to 
how the "object" in the XML Access Sheet may be identified (see pgs. 64-65 of Damiani). Further, the 
section of Damiani cited by the Examiner concerning caching does not even mention paths or path 
expressions (see pgs. 68-69, section 5.3 of Damiani). 

In Damiani, a cache is not checked for authorizations when an XML document is processed. 

Rather, the XAS associated with the XML document is checked. Specifically, Damiani states: 

Our processor takes as input the valid XML document requested by the user or 
computed by the query, together with an XML Access Sheet (XAS) listing the associated 
access authorizations at document level. The processor operation also involves the 
document's DTD and the associated XAS specifying DTD level authorizations. 

(Pg. 67, section 5 of Damiani). 
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Damiani also states: 

(2) Tree labeling. The labeling step involves the propagation of the labeling of 
the DOM tree according to the authorizations listed in the XAS associated to the 
document and its DTD, both at the organization and at the site level. 

(Pg. 67, section 5 of Damiani). 

Accordingly, Damiani does not disclose, teach, or suggest "checking the cache entry for the path 
associated with the node", as recited in claim 1. Therefore, claim 1, and the claims that depend 
therefrom, are not anticipated by Damiani. Given that claims 11, 21, 24, and 27 each recite elements 
similar to those of claim 1, those claims, and the claims that depend therefrom, are not anticipated by 
Damiani for at least the same reasons. 

C. Examiner's Third Response 

In response to Appellant's argument that Damiani does not disclose, teach, or suggest "granting 

or denying access to the node based on the access control statement in the cache entry for the path 

associated with the node", as recited in claim 1, the Examiner states: 

Again, Appellant's argument comes down to whether or not Damiani teaches 
caching path information. See Examiner's comments above. 

(August 1, 2007 Examiner's Answer, pg. 13). 

Appellant does not dispute that one of the key issues is whether authorization and path 
information are cached in Damiani. Appellant, however, does dispute the Examiner's assertion that 
authorization and path information are cached in Damiani. Specifically, as discussed above, Damiani 
clearly states and shows that authorization and path information are stored in an XML Access Sheet 
(XAS), not in a cache. 
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Accordingly, Damiani does not disclose, teach, or suggest "granting or denying access to the 
node based on the access control statement in the cache entry for the path associated with the node", 
as recited in claim 1. Therefore, claim 1, and the claims that depend therefrom, are not anticipated by 
Damiani. Given that claims 11, 21, 24, and 27 each recite elements similar to those of claim 1, those 
claims, and the claims that depend therefrom, are not anticipated by Damiani for at least the same 
reasons. 



Claim 21 recites: 

21. A method for performing path-level access control evaluation for a structured 
document, wherein the structured document comprises a plurality of nodes and each of the 
plurality of nodes is described by a path, the method comprising the steps of: 

(a) storing an access control statement in a cache entry for a path associated with a 
node of the plurality of nodes, wherein the access control statement is one of a grant 
statement, a deny statement, an unknown statement, and a data-dependent statement; 

(b) receiving a query, wherein the query comprises a request to access the node; 

(c) checking the cache entry for the path associated with the node; 

(d) granting access to the node responsive to the access control statement being a 
grant statement; 

(e) denying access to the node responsive to the access control statement being a 
deny statement; and 

(f) evaluating a value expression for the path associated with the node to produce 
a result in response to the access control statement being an unknown statement or a data- 
dependent statement, 

wherein the value expression is an executable statement based on an access control 
policy affecting the path and indicates who has access to the node. 

D. Examiner's Fourth Response 

In response to Appellant's argument that Damiani does not disclose, teach, or suggest 
"evaluating a value expression for the path associated with the node to produce a result in response to 
the access control statement being an unknown statement or a data-dependent statement, wherein the 
value expression is an executable statement based on an access control policy affecting the path and 
indicates who has access to the node", as recited in claim 21, the Examiner states: 
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The claim language reciting "an executable statement" is not granted much 
weight because all statements on a computer are executable. Less broadly, the relevant 
claim limitation is directed towards user authorization. Damiani discloses several 
granularities of authentication (see section 3.2, "Identifying authorization subjects"): 
"user identity" and "user-id". 

(August 1, 2007 Examiner's Answer, pgs. 13-14). 

If by stating that "the claim language 'an executable statement' is not granted much weight" the 
Examiner meant to read the term "an executable statement" recited in claim 21 out of the claim, then 
Appellant respectfully reminds the Examiner that longstanding caselaw holds that a claim CANNOT be 
construed so broadly such that terms recited in the claim are read out of the claim. Each term in a claim 
must be given meaning. 

On the other hand, if by stating that "the claim language 'an executable statement' is not 
granted much weight" the Examiner meant that the authorizations in Damiani are also executable, then 
Appellant respectfully disagrees. In particular, as discussed above, the authorizations in Damiani are set 
forth in an XML Access Sheet (XAS). Those skilled in the art know that XML is a markup language, not a 
programming language. 

Additionally, it is not inherent that the authorizations in Damiani are executable. Under 
M.P.E.P. §2163: 

To establish inherency, the extrinsic evidence "must make clear that the missing 
descriptive matter is necessarily present in the thing described in the reference, and 
that it would be so recognized by persons of ordinary skill. Inherency, however, may 
not be established by probabilities or possibilities. The mere fact that a certain thing 
may result from a given set of circumstances is not sufficient." In re Robertson, 169 F.3d 
743, 745, 49 U.S.P.Q.2d 1949, 1950-51 (Fed. Cir. 1999). 

(M.P.E.P. § 2163.07, 8th ed., Sept. 2007 rev.). Persons of ordinary skill in the art readily understand that 

authorizations need not be executable statements since an authorization can simply be, for instance, a 

listing of users that have access to a particular document. 
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Accordingly, Damiani does not disclose, teach, or suggest "evaluating a value expression for the 
path associated with the node to produce a result in response to the access control statement being an 
unknown statement or a data-dependent statement, wherein the value expression is an executable 
statement based on an access control policy affecting the path and indicates who has access to the 
node", as recited in claim 21. Therefore, claim 21, and the claims that depend therefrom, are further 
not anticipated by Damiani. Given that claims 24 recite elements similar to those of claim 21, claim 24 is 
further not anticipated by Damiani for at least the same reasons. 

CONCLUSION 

On the basis of the above remarks, and the remarks made in the Appeal Brief, Appellant 
respectfully submits that the final rejection should be reversed. 

Respectfully submitted, 
SAWYER LAW GROUP LLP 

Dated: December 20, 2007 /Erin C. Ming/ 

Erin C. Ming 
Attorney for Applicant 
Reg. No. 47,797 
(650) 475-1449 
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VIII. APPENDIX OF CLAIMS 

A listing of the claims involved on appeal is contained in the Appeal Brief. 

IX. EVIDENCE APPENDIX 

None 

X. RELATED PROCEEDINGS APPENDIX 

None 
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